5 matches found
Improper Certificate Validation
github.com/in-toto/go-witness is vulnerable to Improper Certificate Validation. The vulnerability is due to the AWS attestor accepting EC2 instance identity documents without properly validating signatures and relying on outdated public certificates, which allows an attacker to supply or intercep...
CLSA-2024-1708029694 Update of nss
Update to CKBI 2.64 from NSS 3.95 - Removed: - Certificate "E-Tugra Certification Authority" - Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification Authority - G6" - Certificate "Symantec...
CLSA-2024-1705945513 Update of ca-certificates
update to CKBI 2.64 from NSS 3.95 - updated: - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - removed old certificates: - Certificate "E-Tugra Certification Authority" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification...
CLSA-2024-1705941268 Update of ca-certificates
update to CKBI 2.64 from NSS 3.95 - updated: - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - removed old certificates: - Certificate "E-Tugra Certification Authority" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification...
Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers
Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with signature timestamp prior to July 29, 2015. Actors are leveraging multiple open-source tools that alter the signing date of kernel mode...